Projects/MFA Authentication
Capital One · TECH.XD

Multi-Factor Authentication

An outdated MFA portal was generating support tickets and failing self-service. I redesigned it from the ground up — shipping to 60,000 users, with 2–3K registrations per day at peak.

My role
UX Designer + Design Lead
Team
Design team + tech lead + PO
Scale
60,000 users
Delivered
MVP + future state
Enterprise UXSecurityADA Compliance60K users
MFA
Multi-Factor Authentication · Capital One TECH.XD
85%
Of 60,000 users moved to Passwordless after launch
2–3K
Users registering per day at peak post-launch
+25pp
Increase in Passwordless registrations (50% → 75%)
−10%
Reduction in Slack support questions post-launch
The problem

Users couldn't self-serve. Support was paying the price.

Capital One's internal MFA team had an outdated, ADA non-compliant portal that was failing users at the registration step. People couldn't figure out which MFA option to choose, couldn't distinguish between iconography, and didn't understand the difference between Passwordless and non-Passwordless options.

The result: support channels were flooded. The task was to redesign the portal to drive self-service registration — and nudge users toward the preferred Passwordless option where possible.

Research

Industry audit + existing findings. No formalized research needed.

Prior research had already been done by the MFA team, so I focused my energy on an industry audit — studying how other platforms handled the same challenge. Credit card companies use "bright" banner patterns to nudge users toward preferred options. I applied that mental model to the MFA enrollment flow.

Three core problems from the existing research:

Users were unaware of what MFA options existed — no clear overview of available devices.
Users couldn't visually distinguish between iconography — Yubi key vs. Security key looked too similar.
Users didn't understand the difference between Passwordless and non-Passwordless — the distinction wasn't surfaced clearly enough in the UI.
Research findings and industry audit

Industry audit · existing research findings

Ideation

Happy path first. Then iterate on the options split.

I sat with the product team and diagrammed the ideal customer happy path — mapping the MFA selection and registration flow end-to-end. Then we brainstormed UI patterns for how to present the Passwordless vs. non-Passwordless split.

Happy path diagram — MFA selection flow

Happy path diagram · MFA selection and registration flow

One early idea: divide options into separate rows with a collapsible for Passwordless requirements. We prototyped it and killed it fast — it added too much cognitive effort to hide and show information. Simplicity won.

Prototyping

ADA compliance + Passwordless nudge + clean UI.

While prototyping, I checked every screen against ADA standards — updating font sizes, color contrast, and iconography to Capital One's Gravity design system. The previous portal had failed on multiple accessibility criteria.

Then came a mid-project curveball: leadership told us Passwordless could no longer be recommended to users for the time being. We redesigned immediately — creating both an MVP state (no Passwordless push) and a future state (with the Passwordless nudge ready to ship when the restriction lifted).

Prototype screens — ADA compliant MFA portal

Prototypes · MVP state + future state with Passwordless nudge

Testing

10 interviews. Mostly positive. Two real issues found.

We ran 10 usability interviews with power and non-power users, testing against two goals: would users opt for Passwordless, and could they complete registration without support?

Iconography changes alone didn't resolve Yubi key vs. Security key confusion — nearly all interviewees still found the distinction unclear.
All users found the new UI more intuitive and visually cleaner than the previous state.
All but one user chose the non-Passwordless option — consistent with the temporary restriction in place.

With the feedback incorporated, we did a final UI polish and launched.

Usability test findings Usability test results

Usability testing · 10 interviews · findings and fixes

High-fidelity design

Two key screens.

Registration & Select Device — kept the original UI formatting (users' mental model was already set), cleaned up iconography, fixed ADA violations, aligned to Gravity standards.
Register a New Device — selected by 80%+ of users in testing. Gives clear differentiation between Passwordless and non-Passwordless options with additional context per device. Designed with a light "nudge" toward the Passwordless option for the future state.
Registration and Select Device hi-fi screens

Registration & select device · ADA compliant · Gravity design system

Register New Device hi-fi — Passwordless nudge

Register new device · Passwordless vs non-Passwordless · future state nudge

Results

60,000 users. 85% on Passwordless. 2–3K per day.

After deployment, MFA registrations hit the goal of 85% of users (60,000) moving to Passwordless — with peaks of 2,000–3,000 people registering per day.

Passwordless registration rate increased 25 percentage points (from 50% to 75%). The support team saw a 10% decrease in Slack questions after launch.

The future state design — with the Passwordless nudge — was ready to flip on the moment the restriction was lifted.

MFA results — 85% on Passwordless

Post-launch · 60,000 users · 85% Passwordless adoption

Learnings

Design for real constraints. Ship both states.

The mid-project restriction on Passwordless recommendations was a real test of adaptability. Instead of treating it as a blocker, we used it as a forcing function — shipping a clean MVP while keeping the future state ready to activate.

It's a pattern I've used since: design both the thing you can ship now and the thing you want to ship later. Keeps momentum, reduces rework, and gives stakeholders something to point toward.

Next project
OnePipeline — Developer Notifications, −50% failed builds